Solved

Server 2008 std and basic principles for Remote Access

Posted on 2009-12-28
Last Modified: 2013-11-21
Hi

My first 2008 Server.

Scenario. 2008 std Server (DC and Fileserver). 30 workstations (XPs) and approx. 5 remote workers who take their laptops home from time to time and need access to server shares. No Exchange.

Is there any easy way to allow workstations to access the server's shares? I'm happy to set up port forwarding rules on the Firewall (two public IPs).

Any guidance is appreciated.

Have a Great New Year!

Thanks,

Juha

0
Question by:RimFire007
10 Comments
 
LVL 18

Expert Comment

by:Ravi Agrawal
ID: 26136270
How about setting up a VPN on the server and having those laptop users connect through it?

Ravi.
0
 

Author Comment

by:RimFire007
ID: 26136423
Hi

I have only one server there. I googled a little and wasn't sure how to go on. I wonder if there are easy wizards to establish the VPN? PPTP is too unsecure. LSTP seemed to be quite tricky, especially in the real world. Do you suggest that - any links?

Rgs,

Juha
0

 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26138957
I have a 2008 box at home that is a DC and also RRAS. Works beautifully over the internet. I VPN from XP/Windows 7/Mac OS X without any issues and can access any shares. Works great.
Note that VPN is indeed a good solution BUT the remote nodes do become part of your network and depending on your rules (ports/IPs the remote nodes can access) this may become a huge issue as an infected machine may end up infecting the entire company if such restrictions are not in place. Keep that in mind when deploying a VPN solution.

Cláudio Rodrigues
Citrix CTP
0
 
LVL 18

Accepted Solution

by:
Ravi Agrawal earned 1500 total points
ID: 26139077
Agreed with Claudio Rodrigues

The author seems to be aware of Security issues as clearly highlighted in his earlier comment - PPTP is too unsecure.

Well VPN solutions come with their own risks. The connecting laptops must be free from malware & secured as Claudio is quite right.

If he is not comfortable with VPN, he can run an ftp server with access to the internet. A complex authentication mechanism could be established using SSH.

Ravi.
0
 

Author Comment

by:RimFire007
ID: 26141370
Thanks guys

SBS servers usually have pretty easy "step by step" wizards to take care of these (but actually not quite what I need). This is my second 2008 std server (a migration from 2000). Done several 2003s up to 100 WSs. Several FW networks - also offshore. Fewer than 2 colleagues, so I need to solve problems by myself.

How would you improve this WS remote access, with which I'm not 100% pleased? Already tested:

1. I've already built a L2TP VPN tunnel terminated to an HW FW.
2. I configured a XP/Vista WS to connect to FW via L2TP tunnel.
3. Now I can ping the FW internal IP and also the LAN IPs.
4. Tested this with non domain joined WS.
5. I configured a XP/Vista WS to connect to DC via PPTP tunnel.
6. Now I can open the shares without problems.
7. Tested this with non domain joined WSs.
8. Can automate all this in a reasonable manner
8. Can manually run login scripts
9. Can sell this to my customer and say here you are
9. Can feel happy in the most atypical way
10. I tested this with 2000 server and it worked like a charm. Wonder if there is something better? At least 11. I hope if running login scripts there won't be a problem related persistent issues.

I'm really here to try to improve my methods and to ask for help. My method works but integration towards Windows is close to nothing. I was once involved with a project to raise up a Win RADIUS server integrated with FW. Didn't go too well. I do implement SBS servers from time to time with self-signed certificates and also with public ones.

But this scenario. I believe that I'm missing something here. I do FWs pretty good. I do 2003 servers pretty good.

1. If I do the L2TP towards FW how can I easily provide shares to domain joined WS?
2. If #1 is history, how to carry on? Don't want to do:

http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part1.html

at this point. I'm just about to migrate. Really, do I have to do all that?

grtraders: VPN is OK but also problematic. VPN software, Win native support. "There where is a VPN there is a problem" said one wise man (was it me). However, my customers don't use FTP due to lack of security. Just build two DMZ-sites and HTTP-Commander in there. How do you like it?

Thanks,

Juha
0
 
LVL 18

Expert Comment

by:Ravi Agrawal
ID: 26142868
I agree with the security issues of FTP but I did mention using it with SSH authentication. I came across a tutorial earlier and tested out an implementation of VNC with PuTTY in a virtual environment.

I will be posting the links in a short while as soon as I get to my PC.

I believe FTP can be implemented in a totally secure environment; it's just only a little setup that is needed.

Ravi.
0
 
LVL 18

Assisted Solution

by:Ravi Agrawal
Ravi Agrawal earned 1500 total points
ID: 26143493
http://unixwiz.net/techtips/putty-openssh.html

I guess you can use it that way to authenticate users from outside.

http://erikjheels.com/?p=470

Above one should also help.

You can setup this environment to encrypt your communication via ftp.

Ravi.
0
 

Author Comment

by:RimFire007
ID: 26272608
Hi

I was messed up with other projects but will do this probably after one week. Actually I managed to create a LSTP VPN tunnel terminated to Firewall and based on test user feedback it might cover all. No secondary PPTP is required.

The customer can now open shares on the original old server. So pretty much this is taken care of. Currently no credentials are asked for opening the share (while VPN connected); the cached credentials seem to work here. This might be solved, but it is possible that I need to implement perhaps WINS in the new server. Currently while L2TP connected the Internet browser doesn't work. This is potentially FW related. Perhaps try to provide DNS from FW for VPN connected users.

Special thanks to Ravi for interesting links.

Rgs, Juha
0
 

Author Closing Comment

by:RimFire007
ID: 31670670
Sorry for the delay. I slipped your point but both answers were helpful to me.

Thank you again.
0


Question has a verified solution.
